On Mon, Feb 03, 2014 at 06:00:42PM +0800, Chen Gang wrote:
> We can not assume "'path' + 'ctx->fs_root'" must be less than MAX_PATH,
> so need use snprintf() instead of sprintf().
>
> And also recommend to use ARRAY_SIZE instead of hard code macro for an
> array size in snprintf().

In the event that there is overflow this will cause the data to be
truncated, potentially causing QEMU to access the wrong file on the
host. Both snprintf and sprintf are really bad because of their use
of fixed buffers. Better to change it to g_strdup_printf which
dynamically allocates buffers.

Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|
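
The truncation concern in the reply above, shown as an added example that is not part of the original message or of QEMU's code: a fixed-buffer snprintf() join silently yields a shorter, different path unless its return value is checked, while a dynamically sized join keeps the whole string. `join_fixed`, `dup_printf`, `SMALL_MAX` and the sample paths are hypothetical; `dup_printf` is a plain-C stand-in for g_strdup_printf so the block builds without GLib.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SMALL_MAX 16  /* constructed stand-in for a fixed path buffer size */

/* Fixed-buffer join: returns 0 on success, -1 if the result was truncated. */
int join_fixed(char *buf, size_t len, const char *root, const char *path)
{
    int n = snprintf(buf, len, "%s/%s", root, path);
    return (n < 0 || (size_t)n >= len) ? -1 : 0;
}

/* Stand-in for g_strdup_printf(): measure the output first, then allocate
 * exactly that much. Caller frees. Returns NULL on failure. */
char *dup_printf(const char *fmt, ...)
{
    va_list ap, ap2;
    va_start(ap, fmt);
    va_copy(ap2, ap);
    int n = vsnprintf(NULL, 0, fmt, ap);
    va_end(ap);
    char *out = (n < 0) ? NULL : malloc((size_t)n + 1);
    if (out)
        vsnprintf(out, (size_t)n + 1, fmt, ap2);
    va_end(ap2);
    return out;
}

int main(void)
{
    const char *root = "/export";            /* constructed sample values */
    const char *path = "guest/data.img";
    char buf[SMALL_MAX];

    /* Without this return-value check the caller would use the short path. */
    if (join_fixed(buf, sizeof(buf), root, path) < 0)
        printf("truncated to \"%s\" (a different host path)\n", buf);

    char *full = dup_printf("%s/%s", root, path);
    if (!full)
        return 1;
    printf("allocated    \"%s\"\n", full);
    free(full);
    return 0;
}
```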